This guide is mostly focused on finding information about griefers, but it can be used to find any player you’ve played with (after applying this method).

Girefers, or as we call them "Elves", are people who have no moral boundaries and only wish for the world to burn. They are desperately trying to ruin your and everybody else's mining experience!

Since the game does not allow you to see all the players you have played with, which is being actively used by griefers. I have found a solution to this problem! And they definitely didn’t see this one coming!

In theory, when you play with others, Steam logs this information in the "Recently Played With" list. However, in practice, this feature is very clunky and often fails to provide a complete record of recent players. My tests concluded that it only logs players who successfully extracted with you from the mission. It does not include those who left mid-game or simply joined your lobby without completing the mission.

To access this list you can:
Go to your Steam profile > Friends > Recently Played With, or Go to the main page > View > Players.

What we will be doing is creating a memory dump of a process and analyzing it to find the Steam IDs of players who have been in your lobby.

What is a memory dump of an application?
In simple terms, it's a copy of the process memory saved into a file.

What is a Steam ID?
A Steam ID is a unique identifier assigned to a Steam account during its creation and cannot be changed. We will use this to find the profile of our griefer!

How it works:
As soon as any player joins your lobby, their Steam ID is saved in the process memory.
Do not close the game or drop into the mission, otherwise the evidence will be destroyed.

My tests concluded that this data remains in your memory until you drop into another mission or close/reboot your game. However, you can safely disband your lobby. I recommend creating a memory dump as soon as possible after the mission, as I don’t know how long the data will be stored.

To apply this guide you will need:

• Windows Task Manager or any alternative capable of creating memory dumps
  
• Any Hex editor
  
• A Web Browser

________________ Important information before you proceed ________________

You don’t need to be tech-savvy to follow this guide, i have tried to simpify the steps as much as possible. If you run into any issues - ask in the comments.

This guide will only help you find players you’ve played with after using this method — not before. You also don’t need to use it after every single game, only when you need to locate a player you're interested in.

This guide can also help you find good players who left before you could send a friend request.

Critical Warning: Memory dumps may contain sensitive information!
To avoid potential data leaks from your device, do not share your memory dumps with anyone!

Now, let’s begin our journey.

First of all, you need to open Windows Task Manager. To do this, you can:

• Use the Windows shortcut Ctrl+Shift+Esc.
  
• Open it via the Windows menu.
  
• Open it through the Windows search menu.
  
• Use the Run application by pressing the Win+R hotkey and typing "taskmgr".
  
• Use the Command Line Interface (CLI) with the command "taskmgr".

I could probably write a "50 Shades of Windows Task Manager", but I won’t.

Once we've done that, we need to locate DRG.
In the "Processes" tab we need to look for a name "Deep Rock Galactic"




We can also locate it in the "Details" tab with the name FSD-Win-Shipping





After locating it, right-click on the process and select "Create dump file".
Note that once you start creating a dump file, your game will enter the "suspended" state, which may freeze or disconnect the players. That's why I recommend doing it after the mission.













Now once the dump is created, you’ll be prompted to open the file location. Open it and move the .dmp file to your desktop or any convenient directory.

If you skipped the prompt to open file location, don’t worry. You can use windows hotkey Win+R and type in %temp% . This will open the Temporary Directory, where the dump is saved by default.

Now for the second step. Open the Hex editor of your choice (I'll be using HxD, as it is simple and powerful). Then, Drag and Drop the .dmp file into the Hex editor.
Do not try to open the file using Notepad, the file is too big for it to handle.

Since I’m using HxD, the functions and shortcuts I mention may vary depending on your editor.

Once we’ve loaded the file into the editor, we need to bring up the search function. In HxD, you can do this by pressing Ctrl+F. A search window will pop up:

• Select the "Text-string" tab.
  
• In the search field, type "steamid".
  
• Check the box for "Case sensitive".
  
• Select the search direction as "All".
  
• Click the "Search All" button.

Wait until the search process is completed.














Once it’s done searching, you’ll see the results. In HxD, the results window will appear at the bottom of the main window (Note: The IDs in my images have been modified to keep them private).






You can double-click the line that interests you in the results window, and it will take you to the corresponding section of the file.
Since you will encounter many different IDs, duplicates, and even your own ID, you’ll need to carefully go through them to find the one you’re looking for.
When you’ve located the correct data, select and copy the ID. It starts with "steamid:" followed by a number. Copy the numbers without any other characters into a text file for convenience.

You won’t see exactly what’s in my images because I’ve removed all unnecessary data. So, you might need to spend some time analysing it.

As an alternative, if you don't want to wait until the end of the mission to create a memory dump and want to speed up the entire process, I recommend using live memory reading tools. This approach requires a bit more knowledge and caution, but it's much faster than creating memory dumps. It allows you to pull data directly from memory during the game without interruptions.

(Be aware that some live memory reading tools may produce false negative results, meaning they might not detect certain IDs even when they are actually present).

However, be careful not to modify any memory regions. The analysis process is essentially the same as described in the section "Analyzing the Memory Dump" - you still need to search for the string "steamid:" and extract all the interesting Steam IDs. Then, proceed to the next section, "Finding the Profile".

For a more efficient and accurate search, you can use regular expressions (Regex), if the tool of your choice supports them. This regular expression will help you search for the desired pattern: It matches the text steamid: (case-sensitive), then looks for exactly 17 digits using the \d{17} pattern.

If you were using HxD for memory dump analysis - good news, this tool can also read live memory!
To do this, go to the Tools tab > Open main memory > select the process FSD-Win-Shipping, and follow the same search procedure from the "Analyzing the Memory Dump" section.
(Please note that the search process may display a very large estimated time. However, it usually takes significantly less time than estimated).

Once you've written down all the IDs from your results, you may want to remove duplicates and your own IDs.
Add this string before each ID: cs2bus.com/profiles/
Your result should look something like this: cs2bus.com/profiles/12345678904432113
(This particular profile does not exist. it's just for demonstration).

Now, simply enter these links into a web browser and check out their pretty profiles!


You can now block them, report, or do whatever you feel is necessary.

As an alternative, you can set up a keyword bookmark if your browser supports it. In the URL field, enter cs2bus.com/profiles/%s (where %s tells your browser to insert whatever you type after the keyword), and choose any keyword you like. For example "stid" (without quotes). Now, your search query should look like this: stid 12345678904432113 .
This is a more permanent solution that allows you to quickly extract the ID and search it using your keyword, instead of manually typing URL every time.


If this guide helped you, share it so others can join the fight against the Elves! No more hiding from us.